package uk.ac.ox.ctl.lti13.nrps;

import com.nimbusds.jose.JOSEException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Collections;
import net.minidev.json.JSONObject;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.client.RestTemplate;
import uk.ac.ox.ctl.lti13.OAuth2Interceptor;
import uk.ac.ox.ctl.lti13.TokenRetriever;
import uk.ac.ox.ctl.lti13.lti.Claims;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.authentication.OIDCLaunchFlowToken;

/* loaded from: input_file:uk/ac/ox/ctl/lti13/nrps/NamesRoleService.class */
public class NamesRoleService {
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final TokenRetriever tokenRetriever;

    public NamesRoleService(ClientRegistrationRepository clientRegistrationRepository, TokenRetriever tokenRetriever) {
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.tokenRetriever = tokenRetriever;
    }

    public NRPSResponse getMembers(OIDCLaunchFlowToken oIDCLaunchFlowToken, boolean z) {
        String asString;
        OidcUser m0getPrincipal = oIDCLaunchFlowToken.m0getPrincipal();
        if (m0getPrincipal == null) {
            return null;
        }
        Object obj = m0getPrincipal.getClaims().get(LtiScopes.LTI_NRPS_CLAIM);
        if (!(obj instanceof JSONObject) || (asString = ((JSONObject) obj).getAsString("context_memberships_url")) == null || asString.isEmpty()) {
            return null;
        }
        Object obj2 = m0getPrincipal.getClaims().get(Claims.RESOURCE_LINK);
        String str = null;
        if (z && (obj2 instanceof JSONObject)) {
            str = ((JSONObject) obj2).getAsString("id");
        }
        return loadMembers(asString, str, oIDCLaunchFlowToken.getClientRegistration().getRegistrationId());
    }

    private NRPSResponse loadMembers(String str, String str2, String str3) {
        ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(str3);
        if (findByRegistrationId == null) {
            throw new IllegalStateException("Failed to find client registration for: " + str3);
        }
        try {
            OAuth2AccessTokenResponse token = this.tokenRetriever.getToken(findByRegistrationId, LtiScopes.LTI_NRPS_SCOPE);
            String str4 = str;
            if (str2 != null) {
                str4 = str4 + "?rlid=" + URLEncoder.encode(str2, "UTF-8");
            }
            RestTemplate restTemplate = new RestTemplate();
            restTemplate.setInterceptors(Collections.singletonList(new OAuth2Interceptor(token.getAccessToken())));
            return (NRPSResponse) restTemplate.getForObject(str4, NRPSResponse.class, new Object[0]);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Unable to find encoding.", e);
        } catch (JOSEException e2) {
            throw new RuntimeException("Failed to sign JWT", e2);
        }
    }
}
